-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 05 July 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-4,6,8-21,23,25-38,40 and 42-51 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1-4,6,8-21,23,25-38,40 and 42-51 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [X] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [X] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. .
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date .
4) [ ] Interview Summary (PTO-413) Paper No(s)/Mail Date .
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20050816 
DETAILED ACTION

Claims 1-4,6,8-21,23,25-38,40, and 42-51 have been considered.

Specification

The Specification is objected to in accordance with the 112 rejection below.

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall
set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-4,6,8-21,23,25-38,40, and 42-51 are rejected under 35 U.S.C. 112, first paragraph, as
failing to comply with the written description requirement. The claim(s) contains subject matter which was
not described in the Specification in such a way as to reasonably convey to one skilled in the relevant art
that the inventor(s), at the time the application was filed, had possession of the claimed invention. The
limitation "changing the first incoming PCS in the first data packet to an outgoing PCS specified by the
first rule" in claims 1,18, and 35 could not be found in the Specification by the examiner. The examiner
finds that the Specification discloses changing a PCS, not an incoming PCS, to an outgoing PCS. A
PCS, an incoming PCS, and an outgoing PCS are separate entities as described by the Specification.
Appropriate correction is required or a specific reference as to where the Specification discloses changing
an incoming PCS is required.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language.

Claims 1-2,6,8-10,12,15-16,18-19,23,25-27,29,32-33,35-36,40,42-44,46, and 49-50 are rejected
under 35 U.S.C. 102(e) as being anticipated by Bots, U.S. Patent Application No. 6,226,748.

As per claims 1,18, and 35, the applicant discloses a method of controlling information flow 
through a firewall comprising the following limitations which are met by Bots: 
a) determining a first incoming packet community set (PCS) of a first data packet received on an
interface of said firewall (Col 7, lines 1-6);

b) discarding said first data packet in response to detecting said PCS is not a subset of an
interface community set (IPCS) of said interface (Col 8, lines 2-4);

processing said first data packet in response to detecting said first incoming PCS is a subset of
said IPCS, wherein said processing comprises:

c) matching said first data packet to a first rule of a plurality of rules of said firewall (Col 7, lines 1-19);

d) comparing said first incoming PCS to a second incoming PCS specified by the first rule (Col 7,
lines 1-19);

e) changing the first incoming PCS in the first data packet to an outgoing PCS specified by the
first rule, in response to determining the first incoming PCS matches the second incoming PCS (Col 7,
lines 1-19).

As per claims 2,10,19,27,36, and 44, the applicant discloses the method of claims 1,9,18,26,35,
and 43, which are met by Bots, with the following limitation which is also met by Bots:

Wherein said determining comprises determining a source network address community set
(NACS) of said first data packet (Col 6, lines 34-38; Col 7, lines 1-6).

As per claims 6,23, and 40, the applicant describes the method of claims 5,22, and 39, which are 
anticipated by Bots, with the following limitation which is also met by Bots: 

Wherein said processing further comprises discarding the first data packet, in response to 
determining the first incoming PCS does not match the second incoming PCS (Col 7, lines 14-16). 

As per claims 8,25, and 42, the applicant describes the method of claims 6,23, and 40, which are 
met by Bots, with the following limitation which is also met by Bots: 

Wherein changing said first incoming PCS to the outgoing PCS is in further response to 
determining that said first rule includes the action of forwarding said first data packet (Col 7, lines 1-19). 

As per claims 9,26, and 43, the applicant describes the method of claims 8,25, and 43, which are 
met by Bots, with the following limitations which are also met by Bots: 

a) comparing said outgoing PCS with a destination community set of said first data packet (Col 7, 
line 56 to Col 8, line 14; Fig 4); 

b) discarding said first data packet in response to detecting said outgoing PCS is not a subset of 
said destination community set (Col 8, lines 2-4); 

c) further processing said first data packet in response to detecting said outgoing PCS is a subset 
of said destination community set (Col 7, line 56 to Col 8, line 4). 

As per claims 12,29, and 46, the applicant describes the method of claims 9,26, and 43, which
are met by Bots, with the following limitations which are also met by Bots: 

a) transmitting said first data packet via an output interface of said firewall in response to 
detecting said outgoing PCS is a subset of the interface community set (IPCS) of said output interface 
(Col 6, lines 34-46); 

b) discarding said first data packet in response to detecting said second PCS is not a subset of
said IPCS (Col 8, lines 2-4); 

As per claims 15,32, and 49, the applicant describes the method of claims 1,18, and 35, which is
met by Bots, with the following limitation which is also met by Bots:

Further comprising consulting a community information base (CIB) (Col 2, lines 62-65);

The community information base corresponds to lookup tables on the VPN units, which identify
members of a group by their network addresses, provide services such as compression and encryption
for authentication purposes, and include information corresponding to the VPN unit interfaces which allow
the compression, encryption, and authentication rules of one VPN unit to be recognized by another.



As per claims 16,33, and 50, the applicant describes the method of claims 15,32, and 49, which
are met by Bots, with the following limitation which is also met by Bots:

Wherein said CIB includes community set information corresponding to network addresses,
network services, and interfaces (Col 2, lines 62-65).



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.



Claims 3,11,20,28,37, and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable by Bots 
in view of McNeill, U.S. Patent No. 6,167,052. 

As per claims 3,11,20,28,37, and 45, the applicant discloses the method of claim 1,9,18,26,35,
and 43, which are anticipated by Bots, with the following additional limitation which is met by McNeill.

Wherein said determining comprises determining a source network service community set
(NSCS) of said first data packet (McNeill: Abstract);

The applicant describes the NSCS as identifying the source and destination by link layer
addressing or a similar layering protocol (Applicant: Page 26). Bots discloses all the limitations of claims
1,9,18,26,35, and 43 and the use of identifying a source by its address, but fails to disclose the use of
determining a source by link layer addressing or similar layering protocol. McNeill discloses a system
similar to Bots' and the applicant's in which connectivity is established in a network based on source and
destination link layer addresses. It would have been obvious to one of ordinary skill in the art at the time
the invention was filed to incorporate the ideas of McNeill with those of Bots and determine a source and
destination from link layering addressing as another means to determine the source and destination of a
data packet.

Claims 4,13,21,30,38, and 47 are rejected under 35 U.S.C. 103(a) as being unpatentable by Bots
in view of Kidambi, U.S. Patent No. 6,424,626.

As per claims 4,13,21,30,38, and 47, the applicant discloses the method of claims 1,12,18,29,35,
and 46, which are met by Bots, with the following limitation which is met by Kidambi:

Wherein said incoming PCS is encoded in a header of said first data packet, and wherein said
determining comprises decoding said incoming PCS from said header of said first data packet (Kidambi:
Col 25, line 53 to Col 26, line 3 and Bots: Fig 6);

Bots discloses all the limitations of the claim except for the limitation that the source and
destination addresses are decoded from the header. Kidambi discloses the idea of encoding the source
and destination addresses in the header. It would have been obvious to one of ordinary skill in the art at
the time the invention was filed to encode the source and destination addresses in the header of a data
packet because doing so is a commonly accepted method of effectively transmitting the source and
destination addresses.

Claims 14,17,31,34,48, and 51 are rejected under 35 U.S.C. 103(a) as being unpatentable by
Bots in view of Kisor, U.S. Patent No. 6,266,773.

As per claims 14,17,31,34,48, and 51, the applicant describes the method of claims
13,12,30,29,47, and 46, which are met by Bots, with the following limitation which is met by Kisor:

Further comprising recording an event corresponding to said first data packet in response to
detecting said outgoing PCS is not a subset of said destination community set (Col 3, lines 42-67);

Bots discloses all the limitations of claims 13,12,30,29,47, and 46. However, Bots fails to
disclose the use of recording an event in a security log. The use of a security log for recording an event
is disclosed by Kisor in a computer security system. It would have been obvious to one of ordinary skill in
the art at the time the invention was filed to incorporate the ideas of Kisor with those of Bots and add a
security log for recording an event for extra security and monitoring in the system.
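
The packet-handling sequence recited in the limitations above (claim 1 steps a-e, plus the discard, forwarding, destination-check, output-interface and event-recording limitations of claims 6, 8, 9, 12 and 14), modeled as an added Python example; it is not code from the application, the cited references or this Office action. Community sets are assumed to be sets of community names, "matches" is assumed to mean set equality, and the Rule fields, the destination-port match and the default deny when no rule matches are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    dst_port: int            # hypothetical match criterion for step c
    incoming_pcs: frozenset  # "second incoming PCS" compared in step d
    outgoing_pcs: frozenset  # PCS written into the packet in step e
    forward: bool = True     # rule action (claims 8, 25, 42)

def process(pkt, in_ipcs, rules, dest_cs, out_ipcs, log):
    """Return (verdict, reason). pkt['pcs'] is rewritten only after step d passes."""
    pcs = frozenset(pkt["pcs"])                    # a) incoming PCS of the packet
    if not pcs <= in_ipcs:                         # b) subset test against input IPCS
        return "discard", "incoming PCS not a subset of input IPCS"
    rule = next((r for r in rules if r.dst_port == pkt["dst_port"]), None)  # c)
    if rule is None:                               # assumption: default deny
        return "discard", "no rule matched"
    if pcs != rule.incoming_pcs:                   # d) and claim 6 (equality assumed)
        return "discard", "incoming PCS does not match rule"
    if not rule.forward:                           # claim 8: relabel only when forwarding
        return "discard", "rule action is not forward"
    pkt["pcs"] = rule.outgoing_pcs                 # e) incoming PCS -> outgoing PCS
    if not rule.outgoing_pcs <= dest_cs:           # claim 9 b)
        log.append(("pcs-violation", pkt["dst_port"], sorted(rule.outgoing_pcs)))  # claim 14
        return "discard", "outgoing PCS not a subset of destination community set"
    if not rule.outgoing_pcs <= out_ipcs:          # claim 12 b)
        return "discard", "outgoing PCS not a subset of output IPCS"
    return "forward", "transmitted on output interface"  # claim 12 a)

# Constructed sample policy and packets (not taken from any cited document)
RULES = [Rule(443, frozenset({"eng"}), frozenset({"dmz"}))]
IN_IPCS = frozenset({"eng", "sales"})
DEST_CS = frozenset({"dmz", "public"})
OUT_IPCS = frozenset({"dmz"})

def run_samples():
    log, results = [], []
    for pcs, dest_cs in [({"eng"}, DEST_CS), ({"hr"}, DEST_CS),
                         ({"sales"}, DEST_CS), ({"eng"}, frozenset({"public"}))]:
        pkt = {"pcs": pcs, "dst_port": 443}
        verdict, reason = process(pkt, IN_IPCS, RULES, dest_cs, OUT_IPCS, log)
        results.append((verdict, reason, set(pkt["pcs"])))
    return results, log

if __name__ == "__main__":
    for row in run_samples()[0]:
        print(row)
```

The third sample packet passes the interface subset test but is still dropped at step d, which is the distinction between the IPCS check and the per-rule PCS comparison that the claims draw.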

Response to Arguments 

Applicant's arguments, see Remarks, filed 8/7/01, with respect to the double patenting rejection
regarding case 09/981,607 (now US Patent No. 6,760,330) have been fully considered and are
persuasive. The terminal disclaimer overcomes the double patenting rejection, and the double patenting
rejection has been withdrawn.

Applicant's arguments with respect to the objections of claims 8,25, and 42 have been fully
considered and are persuasive. Therefore the claim objections have been withdrawn.

Applicant's arguments with respect to claim 1 have been fully considered but they are not
persuasive. The applicant argues that Bots does not disclose the limitations of claim 1, specifically
amended parts d and e. Upon further consideration, the Bots reference still meets the limitations of claim
1. Bots discloses a method of controlling information in which a data packet, which contains a source
address and a destination address (first incoming PCS), is received on a firewall interface (part a). The
first incoming PCS is compared to a source and destination address lookup table (IPCS) that is
maintained at the VPN units in order to control information flow. If the source and destination addresses
(first incoming PCS) are not a subset of the IPCS, the data packet is discarded (part b). If it is determined
that the source and destination addresses (first incoming PCS) of the data packet have a matching
source and destination address (second incoming PCS) in the lookup table and that the addresses are
allowed to communicate with one another (parts c and d), the data packet is processed for output such
that the source and destination addresses (first incoming PCS) are transformed through compression,
encryption, etc. into an outgoing PCS (part e).

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of
the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH
shortened statutory period, then the shortened statutory period will expire on the date the advisory action
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later than SIX
MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally
be reached on M-F 7:30-6:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Emmanuel Molse can be reached on (571) 272-3868. The fax phone number for the organization where
this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be obtained from
either Private PAIR or Public PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC)
at 866-217-9197 (toll-free).